The mining program is loaded into the users’ browser when the video player is downloaded ready to stream the video. Victims are not notified and are unaware that their computer is working hard to generate Monero.
Photograph: golibo/Getty Images/iStockphoto

Each month almost one billion visitors to four popular video sites are being unwittingly forced to mine cryptocurrency, according to a report on the practice of so-called cryptojacking.

The video sites Openload, Streamango, Rapidvideo and OnlineVideoConverter are allegedly loading mining software on to visitors’ computers, making them generate tokens for the bitcoin-like cryptocurrency Monero, according to security firm Adguard.

“We came across several very popular websites that secretly use the resources of users’ devices for cryptocurrency mining,” said Andrey Meshkov, co-founder of Adguard. “According to SimilarWeb, these four sites register 992m visits monthly.”

Q&A

What is cryptojacking?

Cryptojacking is the use of a computer to mine cryptocurrency without the permission of machine's owner.

A program is loaded on to the unwitting user's machine, typically through the browser when they visit a site with a video or other interactive element, which begins to solve computational problems that generate rewards in the form of cryptocurrency – so called mining. The person, group or organisation that places the program or script on the user's machine then reaps the rewards without compensation for the user.

The user's computer slows down when being cryptojacked as the mining operation is computationally intensive, using electricity at an increased rate and often preventing the computer from operating normally.

Was this helpful?

Thank you for your feedback.

The mining program is loaded into the users’ browser when the video player is downloaded ready to stream the video. Victims are not notified and are unaware that their computer is working hard to generate Monero. The only sign for most users would be that their computer is running slowly while playing the video.

Meshkov said: “The total monthly earnings from [this] cryptojacking, taking into account the current Monero rate, can reach $326,000. These are simply outrageous figures.”

The video sites also benefit from their video players being embedded in other sites, which can still load the mining program, therefore spreading their reach and potential money generation.

Monero is being mined in this fashion, rather than bitcoin, because it more readily lends itself to behind-the-scenes operation such as cryptojacking, explains Pieter Arntz, malware intelligence researcher at Malwarebytes. He said: “Monero mining does not depend on heavily specialised, application-specific integrated circuits (ASICs), but can be done with any CPU or GPU. Without ASICs, it is almost pointless for an ordinary computer to participate in the mining process for Bitcoin.”

Monero is also untraceable and faster to mine and confirm transactions, says Arntz, making it easier to get away with cryptojacking.

This isn’t the first time sites have been accused of using visitors’ computers to mine cryptocurrency. In September, the Pirate Bay ad US video streaming site Showtime were discovered to have performed cryptojacking, with the former declaring that it was just an experiment with a view to replacing adverts wholesale.

“The popularity of cryptojacking has grown with alarming speed,” said Meshkov. “At the moment, the only real solution is to use an ad blocker, an antivirus or one of the specialised extensions to combat cryptojacking.”

There are also discussions as to whether security protocols to block cryptojacking should be built directly into browsers including Chromium, the open-source browser that underpins Google’s Chrome browser.

Openload, Streamango, Rapidvideo and OnlineVideoConverter were unavailable for comment before publication.